Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

Four widely used Laravel Lang Composer packages were compromised via a GitHub tag-rewriting attack that silently redirected up to 700 historical version references to malicious credential-stealing code. Version pinning via composer.lock provides no protection against this technique. Any developer or CI/CD environment that installed these packages before Packagist remediation on 2026-05-23 should be treated as fully compromised and all reachable credentials rotated immediately.

Author

Tech Jacks Solutions